#16

Its a long time since I was involved in this level of support so please bear that in mind before flaming

Does this not still work?

http://www.computerhope.com/rdebug.htm#4


It was simple and free! Reduced any hdd to a physical piece of machinery and the computer couldn't see it until it was newly partitioned and formated

LoLth Special
#17

one pass is enough with modern hard drives.

http://www.anti-forensics.com/disk-wiping-one-pass-is-enough

so yes, a full format (not quick!) should do the trick.

alternatively, get an old PC, connect all the drives to it internally (take out the cd drive to connect up another, use an ide/sata to usb bridge to connect another etc. copy DBAN to a bootable USB (set up manually or maybe unetbootin has a dban option), boot from DBAN and nuke em all! single pass (non-military) wipe should do it.

#18

1 pass with DBAN is enough.

infodox Registered User
#19

As an aside, good luck wiping USB keys. A person I know fairly well tells me that he had USB keys that had been wiped, formatted, and erased so much that they would no longer mount reliably, dating back as far as 2007 or so. Old, well abused and carefully erased devices. Yet one forensics officer with a copy of Encase was able to pull all kinds of **** from the drive, dating as far back as 2008 or so. This was recently as well.

I never feel one wipe is enough, having seen what Encase and a competent forensics person can do. Physical destruction of the drive to NOTHING is the only really secure way to erase data.

I do wonder though, if a person with a habit of using second hand hard drives had their drives seized, how are they meant to prove in court what data is theirs and what is the previous owners? One never knows what the previous owner had on their drives... And a 120gb drive with about 40gb of bad sectors from the previous owner gives one pause to think "what the hell were they doing to that machine?!"

#20

Someone who says "wiped, formatted, and erased" doesn't know what they are doing. It was never wiped if they got something off it.

http://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots

http://www.anti-forensics.com/disk-wiping-one-pass-is-enough

the_syco Registered User
#21

Damo2k said:
If its Windows Vista/ 7, full format most likely will do.

I've done a full format, reinstalled Windows ono it, and then found out that I need to get a file from the old OS. With tools on the market, I was able to get teh document back.

I second DBAN.

Random said:
what programs are you guys using to wipe hard drives these days?

what did you use the HDD for? Business or personal? Who are you selling the HDD to (friends, family, who)?

#22

the_syco said:
I've done a full format, reinstalled Windows ono it, and then found out that I need to get a file from the old OS. With tools on the market, I was able to get teh document back.

I second DBAN....



This might explain why...

Contrary to popular belief, doing a full format with Windows 7 only over-writes the old disk format configuration data (the MBR) with the new and checks for sector errors, then marks the remaining space to be over-written as needed, it does not over-write (remove) any other data at all, it's all still there including code from previous Operating Systems and all of the old personal data.


http://www.sevenforums.com/tutorials/172617-secure-erase-wipe-definition-methods.html

tommy.obr Registered User
#23

Pop them in the microwave, about two minutes on full heat should do the job. The microwave might'nt be in great shape after it though..

#24

Yes metal in a microwave not so clever.

Damo2k Registered User
#25



The windows support page might be incorrect so, as it says it writes 0's to entire drive:
http://support.microsoft.com/kb/941961/en-us

LoLth Special
#26

isnt the "quick format" an overwrite of the MBR and set overwrite flag on the contents of any existing MFT while a "full format" is a proper wipe of every sector which is why it takes so much longer?

For raid arrays, a full initialisation is a full write of zeroes.

for USB keys, there was a whitepaper released on SSD and Flash storage, I think the result was up to 85% of data was recoverable even after a "secure" wipe that would have destroyed all data on a standard HDD.

link to tomshardware article:
http://www.tomshardware.com/news/solid-state-flash-translation-layer-NAND-FAST-11-Sanitization,12252.html

link to the whitepaper:
http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf

1 person has thanked this post
#27

The devil is in the details. Assume nothing.

Just do a single wipe. Then you're not left wondering.

Microsoft, it depends which kind of format you do. For the love of mike...

#28

Well this is one way of ensuring absolutely no risk of data theft!

infodox Registered User
#29

LoLth is correct - with USB keys and flash storage, the way their filesystem and memory actually functions means that standard wiping tricks fail miserably. They are designed to stop you from damaging the drive by read/write to fast, so they simply seem to "contain" your wiping in some way. I do not fully understand the theory behind it all, but in practice I know that EnCase + competent forensics guy does a bloody amazing job of file recovery!

I am sure some of the forensics guys at WIT can concur? A friend suggests the best way to wipe a USB drive is to fill it COMPLETELY with junk data, format, repeat. Or just take a lumphammer or blowtorch to it...

For securing from civilians/average people DBAN is fine. But if one REALLY has something to hide, PHYSICAL OBLITERATION of the drive is needed. Smashing, blowtorching and dissolving followed by filtration (remove any frags left intact) and burial / dumping over a large landmass.

Depends on your paranoia levels!

(of course, we all wish we had an epic hard drive shredding machine, don't we?)

#30

infodox said:
...they simply seem to "contain" your wiping in some way. I do not fully understand the theory behind it all,

...A friend suggests the best way to wipe a USB drive is to fill it COMPLETELY with junk data, format, repeat....

For securing from civilians/average people DBAN is fine....


Do you realise that's all one and the same thing. Overwriting all the disc. EnCase can't recover what isn't there.

Some one advocating formating is not credible IMO. Unless they are specific about what the formatting is doing.

Want to share your thoughts?

Login here to discuss!